Split Tunnel VPN to bypass Chinese Censorship

My company has an office in China.  The great firewall of China often gets in the way of our western employees accessing sites that they need to work.  Some sites are completely blocked, others have their capability degraded to the point where they can hardly be used (such as Gmail).

We have a Sonicwall TZ170 in both Ottawa, Canada and Dongguan, China.  We have a VPN connection established between the sites.  I have tried routing all the traffic from Dongguan to Ottawa and this works, but it is far too slow to be practical.  

I am looking for a way to split the traffic so that restricted sites go through the VPN and unrestricted sites go through the Chinese internet.  Any suggestions?

Also, we have used various VPN services on the client machines and these work well.  But I would rather have something centrally managed.  Is there a way to route specific traffic through a 3rd party VPN?

Running Windows 2012 servers pretty much through and through.
encoad Asked:

Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
» Is there a way to route specific traffic through a 3rd party VPN?
Usually the answer has to be "no". VPN clients are not intended to route traffic. I've managed to force Cisco (IPSec) VPN client and Windows RRAS into proper routing (see http://www.experts-exchange.com/A_350.html for details). Most other VPN clients do not use a virtual network interface you can see in RRAS, and so that will not work for them.

» I am looking for a way to split the traffic so that restricted sites go through the VPN and unrestricted sites go through the Chinese internet.  Any suggestions?
Difficult to achieve. You'll have to route on target IP address. Unless the SonicWALL supplies wildcard routing via policy-based routing, to redirect all *.com, for example.

encoad (Author) Commented:
Is there some (relatively) inexpensive hardware that can help me achieve what I want? (either replacing or supplementing the Sonicwall).

The Sonicwall handles wildcard netmasks, but cannot do anything with specific domains.

We use VPN connections like PureVPN which work great, but I need this at the network level as opposed to the client level.

In my dreamworld, all domains owned by Google would go through PureVPN for example.

Qlemo "Batchelor", Developer and EE Topic Advisor Commented:
Nothing you can set up easily will help you in your mission. And I can't tell anything about PureVPN - the info they provide is confusing, but the protocols they use would all allow for routing, if the client does. If it works with the MS VPN (PPTP, SSTP, L2TP/IPSec) or the default Open Source OpenVPN client, making a Windows machine a router is feasible.

Still all solutions would require you to divert by IP addresses, not names. And that is the main issue. But Google US has some fixed IP ranges, so that would be manageable. You would have to define the specific routing on a single point, best on your default gateway, and that usage would be transparent, no need to set up more on clients.

IDK, but a Web Proxy could also be able to apply domain specific rules - maybe even routing.
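
An added example (not part of the original thread or of any poster's reply) of the IP-based routing described above: it collapses a list of destination prefixes into the fewest routes and builds persistent Windows `route` commands for a machine acting as the gateway. The prefixes are constructed documentation ranges, and the next hop `10.0.0.1` and all function names are assumptions.

```python
import ipaddress

# Constructed sample prefixes (RFC 5737 documentation ranges), standing in for
# the published ranges of a service that must go through the site-to-site VPN.
TUNNELED_PREFIXES = [
    "192.0.2.0/25",
    "192.0.2.128/25",      # adjacent to the previous one, merges into a /24
    "198.51.100.0/24",
    "198.51.100.64/26",    # already covered by the /24 above
    "203.0.113.16/28",
]

# Hypothetical next hop: the far end of the VPN as seen from the gateway.
VPN_NEXT_HOP = "10.0.0.1"


def aggregate(prefixes):
    """Collapse overlapping and adjacent prefixes into the smallest route set."""
    # strict=True rejects entries with host bits set (e.g. 192.0.2.5/24),
    # which usually indicates a typo in the prefix list.
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def route_commands(prefixes, next_hop):
    """Build persistent Windows `route` commands for the tunneled prefixes."""
    ipaddress.ip_address(next_hop)  # raises ValueError on a malformed next hop
    return [
        f"route -p add {net.network_address} mask {net.netmask} {next_hop}"
        for net in aggregate(prefixes)
    ]


def egress_for(destination, prefixes):
    """Return 'vpn' if the destination falls in a tunneled prefix, else 'local'."""
    addr = ipaddress.ip_address(destination)
    return "vpn" if any(addr in net for net in aggregate(prefixes)) else "local"


if __name__ == "__main__":
    for cmd in route_commands(TUNNELED_PREFIXES, VPN_NEXT_HOP):
        print(cmd)
    for dst in ("192.0.2.200", "203.0.113.40"):
        print(dst, "->", egress_for(dst, TUNNELED_PREFIXES))
```

Everything not matched by one of the generated routes keeps following the default route, which is what makes the tunnel a split one.
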

Carl Dula Commented:
Take a look at the following. Even though it is older, it should help you route the traffic.


https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=5243
